Could you please let me know the exact step by step process
for the following Questions.
1.How to get the E-Mail address for 100 users at a time.
2.While Creating BW roles what are the Authorization Objects
we will use.
3.While Creating Single role what will be happened in the
functional side, when entered the Template role in the
derived role tab.
4.when we changed the password for more users(for
example:100 users) where the password will be stored or from
where you can Re-Collect the password and how will you
Communicate the password to all users at a time.
5.What is Virsa? Once you entered in to the screen what it
will perform.
6.What is the use of SU24 & SM24.
7.While Creating BW roles what are the Authorization Objects
we will use.
8.While Creating Single role what will be happened in the
functional side, when you entered the Template role in the
derived role tab.
9.What is Dialog users, Batch users and Communicate users.
What is the use with Communicate user.
10.Can we add one Composite role in to another Composite
role at any urgent user requests or in normal user requests.
11.In Transport what type of Request we will use.Why don't
we use Workbench request in transport.
12.When we added Authorization Object in Template role, at
the same time what will be happen in Derived role.
13.How to Check Profile parameter. And how to find whether
any transport has ended with error and where we can check.
14.How to Extract users list like who didn't login since 3
months. And In 90 Days user Locking in which table we will use.
15.What is OSS Connection and System Opening and why we have
to open these.
16.What will have in one single role and how many prifiles
will be in one sap cua system.
17.What is the difference between Template role & Derive role.
Answers were Sorted based on User's Feedback
Answer / parthu
READ CAREFULLY QUESTIONS AND THERE ANSWERS BELOW.
1.How to get the E-Mail address for 100 users at a time.
ANS: scatt script
2.While Creating BW roles what are the Authorization
Objects we will use.
ANS: s_rs_auth, s_rs_icube, s_rs_odso , s_rs_mpro,
s_rs_ipro, s_rs_admwb (for BI consultants & admins) and
s_rs_rsec (for BI Security consultant)
3.While Creating Single role what will be happened in the
functional side, when entered the Template role in the
derived role tab.
ANS : Don't NO
4.when we changed the password for more users(for
example:100 users)
ANS:
a) at the time of implementation we create users & PWD
b) depend on business users requests
c) if locked users needed to unlock and make them use then
we generate new PWDs.
d) monthly or quaterly basis we send a message to endusers
to change there PWDs.
e) users got locked due to incorrect log on.
f) users locked with the expiration of there user ids.
5. (A) where the password will be stored (B)from where you
can Re-Collect the password and (C) how will you
Communicate the password to all users at a time.
ANS:
A) PWD information will be stored in table USR02.
B) There is NO re-collect password process in SAP again
user needs to send request to security team to re-issue new
PWD
C) we can do it through scatt script.
6.What is Virsa? Once you entered in to the screen what it
will perform.
ANS: Before GRC comes into picture there were other tools
which are running in the market in order to do analysis.
those are VIRSA and APPROVA. both are an INDIAN Companies
and VIRSA developed Tools like Firefighter, Compliance
Calibrator, Access Enforcer and Role expert to do risk
analysis but In the Year 2006 VIRSA took over by SAP and it
changed names as Superuser Privilage Management (SPM), Risk
Analysis and Remediation (RAR), Compliant User Provisioning
CUP) and Enterprise Role Management (ERM) respectively.
Virsa FireFighter for SAP: enables super-users to perform
emergency activities outside the parameters of their normal
role, but to do so within a controlled, fully auditable
environment.The application assigns a temporary ID that
grants the super-user broad yet regulated access & tracks
and logs every activity the super-user performs using that
temporary ID.
7.What is the use of SU24 & SM24.
ANS: There is no SM24 t-code in SAP. coming to SU24, here
we can maintain the assignment of Authorization Objects by
entering into particular t-code and we can check the
relation between the t-code and concern authorization
objects and we can make changes according to business
needs. it means maintain Authorizations and its fields and
field values.
8.While Creating Single role what will be happened in the
functional side, when you entered the Template role in the
derived role tab.
QUESTION IS NOT CLEAR
9.What is Dialog users, Batch users and Communicate users.
What is the use with Communicate user.
ANS:
Dialog user is used by an indiviual to do all kinds of log
on.
Batch user is used for Background processing and
communication within the system.
Communicate user is used for external rfc calls. (across
the systems we can connect)
10.Can we add one Composite role in to another Composite
role at any urgent user requests or in normal user
requests.
ANS: We can not add a composite role into another composite
role but we can add multiple derived roles into one
composite roles.
11.In Transport what type of Request we will use.Why don't
we use workbench request in transport.
ANS: most of the time we do transport workbench and
customized requests. 95% we do customized transport as we
do settings,configurations,creation etc at DEV system and
transport them to QUA or PRD systems.
settings,configurations etc are done by BASIS,Security and
Functional consultants then those will be treated as
Customized and if ABAPers do programs and packages etc and
transport them then those will be treated as workbench.
12.When we added Authorization Object in Template role, at
the same time what will be happen in Derived role.
ANS: Template Roles will be provided by default by SAP
while we do implementation (install SAP).when we want to
have template role we should not use that role directly,
instead of that we can go for COPY option and we can copy
it and do customize according to our business needs.
13.How to Check Profile parameter. And how to find whether
any transport has ended with error and where we can check.
ANS: T-code RZ10 to check Profile Parameter & T-code STMS
we can check the Transport error logs. click on Import
Overview (Truck icon) in STMS screen and in next screen we
have options like : Import Monitor, Import Tracking and
Import History.... these will show the transport issues.
14.How to Extract users list like who didn't login since 3
months. And In 90 Days user Locking in which table we will
use.
ANS: T-code SUIM : Users -> Click on By Logon Date and
password change -> Give * in user and give 90 days in
No.days since last logon and check Locked users and then
EXECUTE.
(OR) RSUSR200 report to get info
15.What is OSS Connection and System Opening and why we
have to open these.
ANS: OSS means Online Service System where SAP is going to
give Service to R/3 Users.
16.What will have in one single role and how many prifiles
will be in one sap cua system.
ANS: Single role will contain T-codes, Reports and URL's,
Profiles and Users. Max profile are 312.
17.What is the difference between Template role & Derive
role.
ANS: Template role is nothing but a default role provided
by SAP. this template role might be a single or composite
or derived role. template roles are not generated profiles
or authorizations nor assigned to users and org levels are
not maintained.Derived role is nothing but a single role
and its derived from a Master role and can restrict org
levels and can assign them to users.
Is This Answer Correct ? | 15 Yes | 1 No |
Answer / chandrana
1.How to get the E-Mail address for 100 users at a time.
Ans: To get email address of the no. of users go to se16-
>ADR6->give the person number or Address number.
To get the Addres number or Person number go to the
tableUSR21 extract the data of the users.
Is This Answer Correct ? | 6 Yes | 0 No |
Answer / karunakar
Hi Friend,
5 . Virsa is a company which was developed the tools like
Compliance calibrator , access enforcer, Role expert, fire
fighter, from above some of the tools are used for security
operations like risk analysis ,
6. su24 we use this t code to know the relationship between
tcode and authorization object an also we maintain the check
indicators for the t codes and we need to maintain them in
authorization tab of pfcg,
10. it is not possible to add one composite role to another
composite role,
11. there are 4 types of TR 1.customizing TR, 2.WB TR,
3.Transport of copies 4.Relocation of objects
14. we can extract the user with RSUSR200 who are not logged
in for last 3 months, the table is USR02 Field UFLAG, if the
value is 64 then the user is locked,
17. Template role is a role which is sap standard role it
contains all authorizations and t codes defined by sap,
derived role is a tole which created from the parent role ,
we create the derive role to restrict the role to some org
levels,
Please let me know if i am wrong
Is This Answer Correct ? | 2 Yes | 1 No |
what difference of the autherisations on change and expert
What is the use of Personalization tab in SU01?
Through CTS how we come to know the Role?
What is difference bewteen 4.7 ,ECC 5 and ECC6 from SAP Securtiy point of view
Can any one tell me briefly , what is the roles and responsibilities of SAP BASIS Security Administrator..
what is the procedure to delete a role?
6 Answers Cap Gemini, IBM, iGate,
Is it possible to have more than one st of org-level values in one role? Explain your answer.
what are all the questions covered in "profiles related concepts " please let me know ?
How to create a simple or single role.?
Hi we are working on the one company but location are different one location we are restrict the user pass word length 8 characters another location pass word length 10 characters but client is same and also we are maintaining the one app server. Could please help on this
Difference between 4.7c and ECC 6.0 in security aspect? I tried in many website but still not able to find the correct one.
What is diffrence to add tcode in Menu tab(PFCG)and in S_TCODE object?